CVE-2024-28397 PoC — Js2Py 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-28397.yaml

Associated Vulnerability

Title:Js2Py 安全漏洞 (CVE-2024-28397)
Description:Js2Py是Python基金会的一个库。用于将 JavaScript 转换为 Python 代码。 Js2Py 0.74 及之前版本存在安全漏洞，该漏洞源于组件 js2py.disable_pyimport() 中存在一个问题，攻击者利用该漏洞可以通过精心设计的 API 调用执行任意代码。

Description

An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.

File Snapshot


 id: CVE-2024-28397

info:
  name: pyload-ng js2py - Remote Code Execution
  author: iamnoooob,rootxh

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!